Documentation
Connections
Microsoft Dynamics 365/Dataverse
Enable TDS for Dataverse

Enable TDS for Dataverse

This page explains how to enable Tabular Data Stream (TDS) access for Microsoft Dataverse. Enabling TDS is required for DeDuplica to connect to your Dataverse environment and perform deduplication.

The steps below are written for Power Platform administrators and Dynamics 365 administrators, but are intentionally detailed so that non-technical users can follow them as well.

What Is TDS and Why It Is Required

Tabular Data Stream (TDS) is a Microsoft-supported feature that allows Dataverse data to be accessed using SQL.

When TDS is enabled:

  • Dataverse tables can be queried using SQL-based tools
  • Data is exposed in a read-only format
  • Security roles and permissions are fully respected

Why DeDuplica Requires TDS

DeDuplica uses SQL-based queries to efficiently:

  • Scan large numbers of records
  • Compare multiple attributes across records
  • Detect potential duplicates with minimal system impact

Without TDS enabled, DeDuplica cannot read Dataverse data and will not function.

Prerequisites

Before enabling TDS, ensure the following:

  • You have Power Platform Administrator or System Administrator permissions
  • You know which Dataverse environment DeDuplica will connect to
  • The environment is not restricted by organizational policies that block TDS

Step-by-Step: Enable TDS in Power Platform Admin Center

Step 1: Open Power Platform Admin Center

  1. Go to the Power Platform Admin Center: https://admin.powerplatform.microsoft.com
  2. Sign in with an administrator account

Step 2: Select the Correct Environment

  1. In the left-hand navigation, select Environments
  2. Choose the environment where DeDuplica will run

⚠️ Make sure you select the correct environment (Production, Sandbox, etc.)

Step 3: Open Environment Settings

  1. On the environment details page, select Settings
  2. Navigate to ProductFeatures

Step 4: Enable TDS Endpoint

  1. Locate TDS endpoint (sometimes labeled Enable SQL access)
  2. Set the toggle to On
  3. Save your changes

The change usually takes effect within a few minutes.

Verify That TDS Is Enabled

After enabling TDS, verification is recommended.

Option 1: Verify Using SQL Server Management Studio (SSMS)

  1. Open SQL Server Management Studio
  2. Create a new connection
  3. Server name:
    • <your-environment-name>.crm.dynamics.com,5558
  4. Authentication:
    • Azure Active Directory – Universal with MFA (recommended)
  5. Connect and expand Databases

If tables are visible, TDS is enabled.

Option 2: Verify Using DeDuplica

Once TDS is enabled:

  • DeDuplica should be able to connect successfully
  • Connection or timeout errors related to SQL access should no longer appear

Security Considerations

Enabling TDS does not expose data publicly, but Microsoft provides additional controls to restrict who can use the TDS endpoint.

Environment-Level vs User-Level Access

There are two layers of control for TDS access:

  1. Environment-level control – enables or disables the TDS endpoint for the entire Dataverse environment
  2. User-level access control (optional) – restricts TDS usage to specific users or application users

User-Level Access Control for TDS (Recommended)

Microsoft allows administrators to restrict TDS access using a dedicated security privilege called:

“Allow user to access TDS endpoint”

When user-level access control is enabled:

  • Only users with this privilege can connect via TDS
  • All other users will receive an authorization error
  • Normal Dataverse table and field security still applies

This is the recommended configuration for production environments.

How to Enable User-Level Access Control

  1. Open Power Platform Admin Center
  2. Select your environment
  3. Go to SettingsProductFeatures
  4. Enable User level access control for TDS endpoint
  5. Save your changes

Assign the TDS Privilege to a Security Role

After enabling user-level access control, you must explicitly grant access:

  1. Go to SettingsUsers + PermissionsSecurity roles
  2. Open the role assigned to the DeDuplica application user
  3. Go to Miscellaneous Privileges
  4. Enable Allow user to access TDS endpoint
  5. Save the role

Without this privilege, TDS connections will fail even if the endpoint is enabled.

Best Practice for DeDuplica

  • Use a dedicated application user
  • Assign only required read permissions
  • Explicitly grant Allow user to access TDS endpoint

This ensures maximum security and predictable b

Common Issues and Troubleshooting

TDS Toggle Is Not Visible

Possible reasons:

  • Insufficient permissions
  • Environment type does not support TDS
  • Organizational policy restrictions

Resolution:

  • Verify administrator role
  • Check with your Power Platform administrator

Cannot Connect Using SSMS

Common causes:

  • Firewall or network restrictions
  • Incorrect server name or port
  • Incorrect authentication method

Resolution:

  • Ensure port 5558 is allowed
  • Use Azure AD authentication
  • Confirm environment URL

DeDuplica Still Cannot Connect

If TDS is enabled but DeDuplica cannot connect:

  • Confirm the application user has read permissions
  • Verify the correct environment is configured
  • Check for conditional access or MFA restrictions

Microsoft Reference Documentation

For official Microsoft guidance, see:

Summary

  • TDS must be enabled for DeDuplica to work
  • Enabling TDS is a one-time administrative action
  • TDS provides secure, read-only SQL access to Dataverse
  • Verification using SSMS is recommended

If you encounter issues or are unsure about permissions, contact your Power Platform administrator or the DeDuplica support team.

Connection Limitations